CVE-2018-14568

EUVD-2018-6477
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
suricata-idssuricata
𝑥
< 4.0.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
suricata
bookworm
1:6.0.10-1
fixed
bullseye
1:6.0.1-3
fixed
jessie
no-dsa
sid
1:7.0.7-1
fixed
stretch
no-dsa
trixie
1:7.0.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
suricata
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needs-triage
References
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
https://github.com/kirillwow/ids_bypass
https://redmine.openinfosecfoundation.org/issues/2501
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
https://github.com/kirillwow/ids_bypass
https://redmine.openinfosecfoundation.org/issues/2501
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/